Merge pull request #2162 from darranl/ELY-2774
[ELY-2774] Move CAGenerationTool to PKCS#12
fjuma authored Jul 4, 2024
2 parents ef03018 + a5cea70 commit 00230a4
Showing 13 changed files with 80 additions and 48 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -137,11 +137,11 @@ private SecurityIdentity performConnectionTest(SSLContext serverContext, SSLCont
SSLSocket sslSocket = (SSLSocket) clientContext.getSocketFactory().createSocket(InetAddress.getLoopbackAddress(), 1111);
sslSocket.getSession();

System.out.println("Client connected");
return sslSocket;
} catch (Exception e) {
System.out.println("Client Connection Failed");
throw new RuntimeException(e);
} finally {
System.out.println("Client connected");
}
});

Expand Down
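Review bot: `sslSocket.getSession()` on the line after `createSocket` does not reliably surface a failed handshake: per the SSLSocket Javadoc it returns an invalid session (cipher suite SSL_NULL_WITH_NULL_NULL) instead of throwing, so the catch branch may never run and `Client connected` would still be printed for a connection that never authenticated. Calling `sslSocket.startHandshake();` before the println forces the handshake and throws on failure, which makes the relocated message and the `RuntimeException` path meaningful. The socket returned by `createSocket` is also not closed when the handshake throws, so closing it in the catch path would avoid leaking it across tests. performConnectionTest starts before this hunk and continues after it.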
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ public class SSLAuthenticationTest {
private final int TESTING_PORT = 18201;
private static final char[] PASSWORD = "Elytron".toCharArray();

private static final String JKS_LOCATION = "./target/test-classes/jks";
private static final String JKS_LOCATION = "./target/test-classes/pkcs12";
private static final String CA_CRL_LOCATION = "./target/test-classes/ca/crl";
private static final String ICA_CRL_LOCATION = "./target/test-classes/ica/crl";
private static final File WORKING_DIR_CACRL = new File(CA_CRL_LOCATION);
Expand All @@ -129,7 +129,7 @@ private static TrustManagerFactory getTrustManagerFactory() throws Exception {
}

private static KeyStore createKeyStore() throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null, null);
return ks;
}
Expand Down
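Review bot: The constant on the changed line is still named `JKS_LOCATION` while its value now points at `./target/test-classes/pkcs12`, so the name asserts a store format the test no longer uses; renaming it `KEYSTORE_LOCATION` keeps the next reader from assuming JKS-specific behaviour. In `createKeyStore`, `KeyStore.getInstance("PKCS12")` followed by `ks.load(null, null)` creates an empty in-memory store; a short comment such as `// empty PKCS#12 store, populated by the test before use` would make that intent explicit. The enclosing class continues outside this hunk.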
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@
public class SSLv2HelloAuthenticationTest {

private static final char[] PASSWORD = "Elytron".toCharArray();
private static final String CA_JKS_LOCATION = "./target/test-classes/ca/jks";
private static final String CA_JKS_LOCATION = "./target/test-classes/ca/pkcs12";
private static File ladybirdFile = null;
private static File scarabFile = null;
private static File beetlesFile = null;
Expand Down Expand Up @@ -119,7 +119,7 @@ public static void setUp() throws Exception{

createKeyStores(ladybirdFile, scarabFile, beetlesFile, trustFile);

securityRealm = new KeyStoreBackedSecurityRealm(loadKeyStore("/ca/jks/beetles.keystore"));
securityRealm = new KeyStoreBackedSecurityRealm(loadKeyStore("/ca/pkcs12/beetles.keystore"));

securityDomain = SecurityDomain.builder()
.addRealm("KeystoreRealm", securityRealm)
Expand Down Expand Up @@ -162,7 +162,7 @@ public void testOneWaySSLv2HelloProtocolMatch() throws Exception {

SSLContext serverContext = new SSLContextBuilder()
.setSecurityDomain(securityDomain)
.setKeyManager(getKeyManager("/ca/jks/scarab.keystore"))
.setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore"))
.setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list)))
.build().create();

Expand All @@ -187,7 +187,7 @@ public void testTwoWaySSLv2HelloProtocolMatch() throws Exception {

SSLContext serverContext = new SSLContextBuilder()
.setSecurityDomain(securityDomain)
.setKeyManager(getKeyManager("/ca/jks/scarab.keystore"))
.setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore"))
.setTrustManager(getCATrustManager())
.setNeedClientAuth(true)
.setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list)))
Expand All @@ -214,7 +214,7 @@ public void testTwoWaySSLv2HelloProtocolMatch() throws Exception {
public void testTwoWaySSLv2HelloNotEnabled() throws Exception {
SSLContext serverContext = new SSLContextBuilder()
.setSecurityDomain(securityDomain)
.setKeyManager(getKeyManager("/ca/jks/scarab.keystore"))
.setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore"))
.setTrustManager(getCATrustManager())
.setNeedClientAuth(true)
.build().create();
Expand Down Expand Up @@ -243,7 +243,7 @@ public void testTwoWaySSLv2HelloNoClientSupport() throws Exception {

SSLContext serverContext = new SSLContextBuilder()
.setSecurityDomain(securityDomain)
.setKeyManager(getKeyManager("/ca/jks/scarab.keystore"))
.setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore"))
.setTrustManager(getCATrustManager())
.setNeedClientAuth(true)
.setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list)))
Expand Down Expand Up @@ -273,7 +273,7 @@ public void testTwoWaySSlv2HelloNoServerSupport() throws Exception {

SSLContext serverContext = new SSLContextBuilder()
.setSecurityDomain(securityDomain)
.setKeyManager(getKeyManager("/ca/jks/scarab.keystore"))
.setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore"))
.setTrustManager(getCATrustManager())
.setNeedClientAuth(true)
.setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list)))
Expand Down Expand Up @@ -376,7 +376,7 @@ private static X509ExtendedKeyManager getKeyManager(final String keystorePath) t
*/
private static X509TrustManager getCATrustManager() throws Exception {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(loadKeyStore("/ca/jks/ca.truststore"));
trustManagerFactory.init(loadKeyStore("/ca/pkcs12/ca.truststore"));

for (TrustManager current : trustManagerFactory.getTrustManagers()) {
if (current instanceof X509TrustManager) {
Expand All @@ -388,13 +388,13 @@ private static X509TrustManager getCATrustManager() throws Exception {
}

private static KeyStore loadKeyStore() throws Exception{
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null,null);
return ks;
}

private static KeyStore loadKeyStore(final String path) throws Exception {
KeyStore keyStore = KeyStore.getInstance("jks");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
try (InputStream caTrustStoreFile = SSLAuthenticationTest.class.getResourceAsStream(path)) {
keyStore.load(caTrustStoreFile, PASSWORD);
}
Expand Down
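Review bot: In `loadKeyStore(final String path)` the stream from `getResourceAsStream(path)` is passed straight to `keyStore.load`; when the resource is missing, `getResourceAsStream` returns null and `KeyStore.load(null, PASSWORD)` silently yields an empty store, so a stale `/ca/jks/...` path left behind by this rename would surface later as an unexplained trust-manager or key-manager failure rather than at the load site. A guard such as `if (caTrustStoreFile == null) { throw new IllegalStateException("Missing test resource: " + path); }` before the `load` call makes the cause visible. `getResourceAsStream` is invoked on `SSLAuthenticationTest.class` from inside `SSLv2HelloAuthenticationTest`; it works because the resource path is absolute, and the comment `// absolute resource path; the class only selects the class loader` would explain why. The class body continues outside this hunk.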
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@
*/
public class TLS13AuthenticationTest {

private static final String CA_JKS_LOCATION = "./target/test-classes/jks";
private static final String CA_JKS_LOCATION = "./target/test-classes/pkcs12";

private static CAGenerationTool caGenerationTool = null;
private static SecurityDomain securityDomain = null;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,11 @@
<configuration>
<authentication-client xmlns="urn:elytron:client:1.4">
<key-stores>
<key-store name="scarab" type="JKS">
<key-store name="scarab" type="PKCS12" provider="SUN">
<file name="target/test-classes/jks/scarab.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="ladybird" type="JKS">
<key-store name="ladybird" type="PKCS12" provider="SUN">
<file name="target/test-classes/jks/ladybird.keystore"/>
<key-store-masked-password iteration-count="100" salt="12345678" masked-password="4J8OSOEqjB0="/>
</key-store>
Expand Down
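Review bot: The `<file name="target/test-classes/jks/scarab.keystore"/>` and `.../jks/ladybird.keystore` paths below each changed `<key-store>` element are still under the `jks` directory, whereas every other client configuration touched by this commit (1.5, 1.6, 1.7) was moved to `target/test-classes/pkcs12/`. If the stores for this test are generated by the same CAGenerationTool that now writes PKCS#12 into the pkcs12 directory, these entries will point at files that are either absent or stale JKS copies and fail to load as PKCS12. Changing them to `target/test-classes/pkcs12/scarab.keystore` and `target/test-classes/pkcs12/ladybird.keystore` keeps type and location consistent with the rest of the change.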
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
<signers>
<signer name="signer1">
<type>JKS</type>
<key>password=Elytron,keystore=file:target/test-classes/jks/ocsp-responder.keystore</key>
<key>password=Elytron,keystore=file:target/test-classes/pkcs12/ocsp-responder.keystore</key>
<algorithms>
<algorithm>SHA256withRSA</algorithm>
</algorithms>
Expand Down
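Review bot: `<type>JKS</type>` on the signer is left as JKS while the `<key>` line now points at `target/test-classes/pkcs12/ocsp-responder.keystore`, which CAGenerationTool writes as PKCS#12 after this change. If the responder resolves that type through `KeyStore.getInstance("JKS")`, loading presumably succeeds only because the JDK's `keystore.type.compat` fallback (enabled by default) lets the JKS implementation read PKCS#12 data, so the test would break under a JDK or security configuration that disables it. Setting `<type>PKCS12</type>` removes the dependence on that fallback and matches the other configurations in this commit.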
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,12 @@
<configuration>
<authentication-client xmlns="urn:elytron:client:1.5">
<key-stores>
<key-store name="scarab" type="JKS">
<file name="target/test-classes/jks/scarab.keystore"/>
<key-store name="scarab" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/scarab.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="ladybird" type="JKS">
<file name="target/test-classes/jks/ladybird.keystore"/>
<key-store name="ladybird" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/ladybird.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
</key-stores>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,12 @@
<configuration>
<authentication-client xmlns="urn:elytron:client:1.6">
<key-stores>
<key-store name="scarab" type="JKS">
<file name="target/test-classes/ca/jks/scarab.keystore"/>
<key-store name="scarab" type="PKCS12" provider="SUN">
<file name="target/test-classes/ca/pkcs12/scarab.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="ladybird" type="JKS">
<file name="target/test-classes/ca/jks/ladybird.keystore"/>
<key-store name="ladybird" type="PKCS12" provider="SUN">
<file name="target/test-classes/ca/pkcs12/ladybird.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
</key-stores>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,41 +20,44 @@
<configuration>
<authentication-client xmlns="urn:elytron:client:1.7">
<key-stores>
<key-store name="ca" type="JKS">
<file name="target/test-classes/jks/ca.truststore"/>
<key-store name="ca" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/ca.truststore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="ca2" type="JKS">
<file name="target/test-classes/jks/ca.truststore2" />
<key-store name="ca2" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/ca.truststore2" />
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="scarab" type="JKS">
<file name="target/test-classes/jks/scarab.keystore"/>
<key-store name="scarab" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/scarab.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="ladybird" type="JKS">
<file name="target/test-classes/jks/ladybird.keystore"/>
<key-store name="ladybird" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/ladybird.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="rove" type="JKS">
<file name="target/test-classes/jks/rove.keystore"/>
<key-store name="rove" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/rove.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="ocsp-checked-good" type="JKS">
<file name="target/test-classes/jks/ocsp-checked-good.keystore"/>
<key-store name="ocsp-checked-good" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/ocsp-checked-good.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="ocsp-checked-revoked" type="JKS">
<file name="target/test-classes/jks/ocsp-checked-revoked.keystore"/>
<key-store name="ocsp-checked-revoked" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/ocsp-checked-revoked.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="ocsp-checked-unknown" type="JKS">
<file name="target/test-classes/jks/ocsp-checked-unknown.keystore"/>
<key-store name="ocsp-checked-unknown" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/ocsp-checked-unknown.keystore"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="ladybug" type="JKS">
<file name="target/test-classes/jks/ladybug.keystore" />
<key-store name="ladybug" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/ladybug.keystore" />
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="greenjune" type="JKS">
<file name="target/test-classes/jks/greenjune.keystore" />
<key-store name="greenjune" type="PKCS12" provider="SUN">
<file name="target/test-classes/pkcs12/greenjune.keystore" />
<key-store-clear-password password="Elytron"/>
</key-store>
</key-stores>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ public class CAGenerationTool implements Closeable {

private static final String BEETLES_STORE = "beetles.keystore";
private static final String KEY_ALGORITHM = "RSA";
private static final String KEYSTORE_TYPE = "JKS"; // TODO Switch to PKCS#12
private static final String KEYSTORE_TYPE = "PKCS12";
private static final int OCSP_PORT = 4854;
static final char[] PASSWORD = "Elytron".toCharArray();

Expand Down Expand Up @@ -144,6 +144,10 @@ public KeyStore getBeetlesKeyStore() {
return loadKeyStore(new File(workingDir, BEETLES_STORE));
}

public String getKeyStoreType() {
return KEYSTORE_TYPE;
}

/**
* @deprecated Use {@link CommonIdentity#getCertificate()} instead.
*/
Expand Down Expand Up @@ -364,8 +368,12 @@ private static KeyStore createEmptyKeyStore() {
}
}

File getKeyStoreFile(Identity identity) {
return new File(workingDir, identity.getKeyStoreName());
}

KeyStore loadKeyStore(final Identity identity) {
return loadKeyStore(new File(workingDir, identity.getKeyStoreName()));
return loadKeyStore(getKeyStoreFile(identity));
}

static KeyStore loadKeyStore(final File location) {
Expand Down
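Review bot: The new `getKeyStoreType()` and `getKeyStoreFile(Identity)` accessors carry no Javadoc, unlike the documented neighbours of `getBeetlesKeyStore()`; one line each, such as `/** KeyStore type used for every store this tool writes; pass it to KeyStore.getInstance when loading them. */` and `/** On-disk location of the identity's store inside the working directory, readable via {@link #loadKeyStore(Identity)}. */`, would tell callers that the returned file is a password-protected private-key store rather than a certificate-only file. The TODO removed from the `KEYSTORE_TYPE` line was the only place recording the JKS-to-PKCS#12 migration; a short comment `// PKCS#12 since ELY-2774 (previously JKS)` preserves that for anyone debugging stale target directories. `loadKeyStore(final File location)` starts at the end of this hunk and continues outside it.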
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.wildfly.security.ssl.test.util;

import java.io.File;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
Expand All @@ -42,8 +43,14 @@ public X509Certificate getCertificate() {
return certificate;
}

public String getKeyStoreType() {
return caGenerationTool.getKeyStoreType();
}

public abstract KeyStore loadKeyStore();

public abstract File getKeyStoreFile();

public X509ExtendedKeyManager createKeyManager() {
caGenerationTool.assertNotClosed();

Expand Down
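Review bot: The new abstract `getKeyStoreFile()` and the `getKeyStoreType()` delegate have no Javadoc, so an implementor cannot tell whether the returned `File` must already exist, whether it is the same store `loadKeyStore()` opens, or that its format is the one `getKeyStoreType()` reports. A Javadoc on the abstract method stating `Returns the on-disk store that {@link #loadKeyStore()} reads, in the format reported by {@link #getKeyStoreType()}.` binds the three together, and `getKeyStoreType()` can note that it simply forwards to the owning `CAGenerationTool`. `createKeyManager()` starts at the end of this hunk and continues outside it.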
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,9 @@ public KeyStore loadKeyStore() {
return CAGenerationTool.loadKeyStore(keyStoreFile);
}

@Override
public File getKeyStoreFile() {
return keyStoreFile;
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.wildfly.security.ssl.test.util;

import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

Expand All @@ -38,4 +39,9 @@ public KeyStore loadKeyStore() {
return caGenerationTool.loadKeyStore(identity);
}

@Override
public File getKeyStoreFile() {
return caGenerationTool.getKeyStoreFile(identity);
}

}
